package com.gxuwz.attendance.dao;

import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.struts2.ServletActionContext;
import org.hibernate.Criteria;
import org.hibernate.criterion.Restrictions;
import org.springframework.stereotype.Repository;
import com.gxuwz.attendance.entity.User;

@Repository("UserDao")
public class UserDao extends SessionFactoryDao{
	

	/**
	 * 登录(通过用户名查询)
	 * @param user
	 * @return
	 */
	@SuppressWarnings("rawtypes")
	public String findByUser(User user) {
		String flag = "";
		Criteria criteria = getSession().createCriteria(User.class);
//		System.out.println("name" + user.getUserName());  // ' or 1=1 -- 
		// 此方式可以防止sql注入
		List list = criteria.add(Restrictions.eq("userName", user.getUserName())).list();
		
		if(list.isEmpty()) {
			flag = "empty";
		}else {
			User u = (User) list.get(0);
			// 密码是否正确
			if(!u.getPassword().equals(user.getPassword())) {
				flag = "no";
			// 判断用户类型是否正确
			} /*
				 * else if(!u.getUtype().equals(user.getUtype())) { flag = "empty"; }
				 */else {
				flag = "yes";
				HttpServletRequest request = ServletActionContext.getRequest();
				HttpSession session = request.getSession();
				session.setAttribute("user", user);
				session.setAttribute("utype", u.getUtype());
//				session.setAttribute("utype", user.getUtype());
			}
		}
		
		return flag;
	}
}
